[Bro] Where are the log files when DNS monitoring ran by cli ?

John Donnelly jdonnelly at dyn.com
Wed Oct 22 07:28:54 PDT 2014

Bingo - the dns.log is in the cwd !

Q answered !

On Wed, Oct 22, 2014 at 9:26 AM, Seth Hall <seth at icir.org> wrote:

> On Oct 22, 2014, at 9:42 AM, John Donnelly <jdonnelly at dyn.com> wrote:
> > No changes made to broctl.cfg !
> >
> > I am running bro outside of broctl .. are those setting read by bro
> during startup ?
> I'm confused.  You first said that you weren't getting logs when you ran
> Bro outside of BroControl but then you said you were getting logs when you
> ran Bro with BroControl.
> If you run bro directly at the command line, it won't load any of the
> broctl scripts or implement any of the broctl configuration.  You are
> almost certainly seeing invalid checksums on one of the interfaces you're
> sniffing.  If you want to see if that's it, you could temporarily disable
> checksum checking with the -C flag on the command line.  I don't recommend
> running with that configuration for normal use though.
> It seemed like you were also confused about where logs would be written
> when running bro directly.  They should be written to your current working
> directory by default. :)
>   .Seth
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20141022/790cb365/attachment.html 

More information about the Bro mailing list